Bug 889429 – VUL-0: CVE-2014-3560: samba: Samba4 unstrcpy macro length is invalid

Bug 889429 - (CVE-2014-3560) VUL-0: CVE-2014-3560: samba: Samba4 unstrcpy macro length is invalid

(CVE-2014-3560)
Summary:	VUL-0: CVE-2014-3560: samba: Samba4 unstrcpy macro length is invalid

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	All openSUSE 13.1

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2014-07-29 18:19 UTC by Lars Müller
Modified:	2014-09-01 09:57 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Community User
Services Priority:
Business Priority:
Blocker:	No
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lars Müller 2014-07-29 18:19:52 UTC

embargoed via https://bugzilla.samba.org/show_bug.cgi?id=10735

CRD is 2014-08-01

We have Samba 4.1.9 currently only in openSUSE 13.1 as a released product.

Karolin Seeger drafted the advisory:

===========================================================
== Subject:     Remote code execution in nmbd
==
== CVE ID#:     CVE-2014-3560
==
== Versions:    Samba 4.0.0 to 4.1.9
==
== Summary:     Samba 4.0.0 to 4.1.9 are affected by a
==              remote code execution attack on
==		unauthenticated nmbd NetBIOS name services.
==
===========================================================

===========
Description
===========

All current versions of Samba 4.x.x are vulnerable to a remote code
execution vulnerability in the nmbd NetBIOS name services daemon.

A malicious browser can send packets that may overwrite the heap of
the target nmbd NetBIOS name services daemon. It may be possible to
use this to generate a remote code execution vulnerability as the
superuser (root).

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.1.11 and 4.0.21 have been issued as security
releases to correct the defect. Patches against older Samba versions
are available at http://samba.org/samba/patches/. Samba vendors and
administrators running affected versions are advised to upgrade or
apply the patch as soon as possible.

==========
Workaround
==========

Do not run nmbd, the NetBIOS name services daemon.

=======
Credits
=======

This problem was found and the fix provided by Volker Lendecke, a
Samba Team member working for SerNet <vl@sernet.de>
https://www.sernet.de.

Comment 1 Swamp Workflow Management 2014-07-30 22:00:13 UTC

bugbot adjusting priority

Comment 3 Lars Müller 2014-08-03 14:17:56 UTC

https://build.opensuse.org/request/show/243457  openSUSE 13.1  talloc
https://build.opensuse.org/request/show/243458  openSUSE 13.1  tdb
https://build.opensuse.org/request/show/243459  openSUSE 13.1  tevent
https://build.opensuse.org/request/show/243460  openSUSE 13.1  ldb
https://build.opensuse.org/request/show/243461  openSUSE 13.1  samba

Samba 4.1.11 requires ldb 1.1.17 which requires the version updates of talloc, tdb, and tevent.

Comment 4 Swamp Workflow Management 2014-08-20 17:05:37 UTC

openSUSE-SU-2014:1040-1: An update that solves one vulnerability and has 5 fixes is now available.

Category: security (moderate)
Bug References: 865627,884056,889429,889539,890005,890008
CVE References: CVE-2014-3560
Sources used:
openSUSE 13.1 (src):    ldb-1.1.17-3.4.1, samba-4.1.11-3.26.1, talloc-2.1.1-7.4.1, tdb-1.3.0-4.4.1, tevent-0.9.21-4.4.1

Comment 5 Marcus Meissner 2014-09-01 09:57:59 UTC

was released